SoK: An Evaluation of the Secure End User Experience on the Dark Net through Systematic Literature Review

: The World Wide Web (www) consists of the surface web, deep web, and Dark Web, depending on the content shared and the access to these network layers. Dark Web consists of the Dark Net overlay of networks that can be accessed through speciﬁc software and authorization schema. Dark Net has become a growing community where users focus on keeping their identities, personal information, and locations secret due to the diverse population base and well-known cyber threats. Furthermore, not much is known of Dark Net from the user perspective, where often there is a misunderstanding of the usage strategies. To understand this further, we conducted a systematic analysis of research relating to Dark Net privacy and security on N = 200 academic papers, where we also explored the user side. An evaluation of secure end-user experience on the Dark Net establishes the motives of account initialization in overlaid networks such as Tor. This work delves into the evolution of Dark Net intelligence for improved cybercrime strategies across jurisdictions. The evaluation of the developing network infrastructure of the Dark Net raises meaningful questions on how to resolve the issue of increasing criminal activity on the Dark Web. We further examine the security features afforded to users, motives, and anonymity revocation. We also evaluate more closely nine user-study-focused papers revealing the importance of conducting more research in this area. Our detailed systematic review of Dark Net security clearly shows the apparent research gaps, especially in the user-focused studies emphasized in the paper.


Introduction
The World Wide Web is a network of linked hypertext files that can be classified into three regions: surface web, deep web, and Dark Web [1]. The surface web is accessible to all users of the Internet. Many users and researchers also refer to it as the open web. It consists of all the websites that have been indexed and crawled, thus making it accessible through DNS lookups, search engines, and internet browsers, such as Google Chrome, Internet Explorer, or Firefox [2]. On the other hand, the deep web is the collection of websites that search engines do not index, and these are usually hosted on private databases, the back end of the surface web's websites, such as websites that require authentication, academic journals, and other out of reach content. Finally, the Dark Web, a portion of the deep web, consists of websites that only specialized web search engines can access [3]. Rudesill et al. estimate the deep web, which houses Dark Web or Dark Net, to be about 400-500 times bigger than the surface web. Their paper further describes Dark Net as a flourishing space for illegal, problematic, and sometimes dangerous activities [4]. The Dark Web consists of several interlaying networks forming the Dark Net.
Created as an isolated set of networks from The Advanced Research Projects Agency Network (ARPANET), Dark Net refers to the subset of the deep net that has hidden network traffic [5]. Unlike the Surface web or Internet, where servers store and facilitate the websites, Dark Net websites are hosted in private networks between trusted peers. These peers or volunteers run relays and nodes that enable these private networks' traffic.
Furthermore, these networks can only be accessed with specific software, configurations, and authorizations, thus making it difficult for anyone to monitor or track users on the Dark Net.
In this way, Dark Net provides a haven for users that want to maintain privacy in their online activities [6]. Although the general media often view Dark Net as a source of malicious activities and a platform full of threat actors and ill-disposed hackers, the reality is more nuanced [4]. Ehsan et al. concur that Dark Net is also a source of new information and a meeting ground for journalists, human rights activists, political dissidents, whistleblowers, as well as scholars [7]. With ever-growing users and content on the Dark Net, it is imperative to understand the security and privacy threats that users might face while interacting within the Dark Net. It is also critical to note that Dark Net can be accessed through specific software and tools such as Tor, a browser implementing onion routing and bounces communication over a network of relays run by volunteers to allow access to the Dark Net. Subsequently, due to the network structure of Tor, it provides some level of anonymity for the users. According to Mirea et al., in January of 2018, there were an estimated 4,000,000 users on Tor visiting the Dark Net [6].
Creating a platform for anonymity undeniably attracts malicious actors to the surface of the Dark Net. Unfortunately, however, various users utilize the Dark Net, which includes: • Users intend to conceal web browsing to circumvent internet-activity monitoring by local ISPs (Internet Service Providers) or law-enforcing government agencies. These users can include people from legitimate backgrounds such as journalists or whistle blowers [6,8]. However, these users can also include criminals who intentionally use these services to conceal their identities. It is challenging to provide selective anonymity without compromising on the anonymity network in the first place, making other legitimate users vulnerable to the system. • Users seek encrypted communication with an immediate network, concealing logs of chat or instant messages being documented on a database. These users might need the protected network not only for anonymous communication but also for financial transactions. • Users seek to publish controversial journalistic articles amid an oppressive regime. This is a specific user base as there have been several incidents where journalists and whistleblowers were targeted after their identities have been revealed https://carleton. ca/align/2019/illuminate-exploring-the-dark-web-a-cloak-for-journalists-and-theirsources/ (accessed on 1 December 2021).
Due to its anonymity feature and lack of policing, Dark Net markets have been flourishing. With the advancement of technology, Dark Net is becoming more accessible to general population. In this scenario, there is a chance that users who are not aware of the threats and risks associated with Dark Net might fall trap to criminal activities or traps set by various police agencies. As described by Masson and Bancroft in their paper, Dark Net is a growing cryptomarket for exchange of illicit drugs within the users which is not sort of scams, traps, hackers, and threats [9]. Privacy and security are part of the fundamental drivers for users to adopt the Dark Web [10], which has motivated our research to understand and analyze the existing research studying different aspects of privacy and security of the Dark Net, including but not limited to the illegal markets hosted in the Dark Web, the deanonymization techniques of Dark Net users, the attack landscapes, as well as the existing user studies since users are a critical component to the Dark Net architecture [11]. By examining the distinct aspects of Dark Net security and privacy, a comprehensive analysis of these aspects will contribute to the countermeasures taken to defend against malicious activities on the Dark Net promoted by unethical users. Accordingly, it is crucial to analyze and understand the inner workings of the Dark Web, including its users' activities to help countermeasure and mitigate malicious activities.
Restrictions and limitations for directly browsing the Dark Net for this research determined that a systematic evaluative approach of related literature can be appropriately suited to the premise of a secure end-user experience. In that regard, we conducted a systematic literature review to provide a holistic overview of the existing literature in this field, which has been confirmed to be of excellent value in other domains [12]. The systematic review conducted in this research seeks to resolve a qualitative evaluation of secure end-user experience on the Dark Net. We collected 2693 in research articles related to the Dark Net's privacy and security. After the final exclusion round, 200 papers from the initial corpus were further analyzed and categorized into different themes after exhaustive thematic analysis. We found that out of 200 articles analyzing the privacy and security of the Dark Net, only 9 conducted any user studies. Thus, given the focus of our research, we performed an in-depth analysis of 9 papers that focus on the user factor. Even those studies that conduct user studies primarily focus on the anonymity network and do not detail user concerns of Dark Net usage, reasons for using Dark Net, or whether the users have any expertise in using such critical network platform where several malicious actors can misuse the lack of knowledge from the user's side [13].
There is an increase of Dark Net usage among general users, in addition to threat actors, whistle blowers, journalists, and policing bodies, because of the anonymity the Dark Net provides [14], in these circumstances, it is crucial to review the research conducted so far and to study the gaps in the knowledge that need to be further explored. More importantly, as researchers, we should study the privacy and security aspects of the Dark Net usage to aid nonmalicious users in these platforms. Thus, the need to understand the body of work conducted so far in this field and to drive future work towards analyzing privacy and security aspect of Dark Net usage from a user's perspective has motivated our paper.
This systematic evaluation is critical in understanding user privacy and security on the Dark Net. Furthermore, the specific search methods have recognized the user focus and the gaps in the literature, which will benefit the research community in learning more about this under-researched user experience domain. In summary, the main contribution of this paper is as follows: • Provide a comprehensive overview of all themes and subjects explored so far in Dark Net research; • Highlight the importance of the study of privacy and security in the Dark Net from the user's perspective; • Point out the gaps and less studied themes in Dark Net research.
In the following sections, we discuss our method of collecting these papers as described in Section 3. In the next Section 4, we explore the results of the 200 papers, which detail the technical aspects of the Dark Net and the technologies required by the users before using such platforms. After that, we detail the user studies in Section 4.2, mention the limitation and future extensions of this work in Section 6, and finally conclude the paper by summarizing the content in Section 7.

Related Work
The Internet consists of websites and web-based content that search engines do not index or crawl either by design or for privacy. These websites and content form the deep web, which remains hidden to a user operating a standard web browser. The network layer of the Dark Web forms the Dark Net; as Zhang & Zou describe, the Dark Net is a part of the deep web, which is an encrypted and private network that requires dedicated and specialized software (such as Tor) for access. This type of network allows users to remain anonymous and makes their network activity untraceable [15]. Dark Net provides anonymity which may attract a variety of users such as whistle-blowers, journalists, users seeking privacy, threat actors, and hackers [16]. The majority of the research has focused on the illegal use of the Dark Net. Along these lines, Lusthaus uses data collected over seven years to analyze the types and extent of cyber-crime conducted within the Dark Net [17]. However, it is also essential to study and analyze the importance of user experience on the Dark Net. Many users might be exposing themselves to security vulnerabilities while interacting on the Dark Net. Unlike the surface web, the Dark Net poses as a safe and private environment, which might make users feel more secure sharing information that they otherwise would keep to themselves. However, this type of uninhibited activity can lead to danger because, as Ehsan et al. discuss in their paper, when correct tools are employed, it is not so difficult to link real identities to the Dark Net user profiles [7].
There are many specialized Dark Net surfing systems available today; some examples of these systems are: The Onion Router (TOR), Free-Net, Invisible Internet Project (I2P), Java Anonymous Proxy called Jon Do (JAP), and so on. The two most popular among these systems are TOR and I2P. Although both of these systems provide the same functionality, which explores Dark Net anonymously, the main difference lies in implementing the systems. As Ali et al. lay out in their paper, Tor uses at least three nodes (devices) to relay encrypted messages to prevent traceability and preserve anonymity. In contrast, I2P creates a virtual network between the sender and receiver of the message, which cannot be tapped by a third party like an internet service provider [18].
We also see that several prior studies emphasize the importance of understanding the user experience on the Dark Net or Tor [8,19]. Additionally, although it appears that the Dark Net provides better privacy than the surface web with ever-changing servers and encrypted networks, it still poses risks, especially for users who possess limited cyber-security knowledge and skills. User experience is central to understanding the security and privacy aspect of technology. Today, many platforms use aggregated user behaviors, decisions, and opinions to guide users to make informed decisions. Such a system provides a peek into user experience, which can help support end-user privacy and security management [20]. In their paper, Chalhoub et al. also employ a user experience study to navigate the security and privacy aspect of smart home devices [21]. Liu et al. also argue that the success or failure of security mechanisms is dependent on user behavior and experience. If users do not feel motivated to adopt the security mechanism or are unable to understand it, the said mechanism fails [22]. Hence, user focus is integral in studying a platform's security and privacy aspects.
To understand further, we conducted a Systematization of Knowledge (SoK) to provide a consolidated analysis of the user focus on Dark Net privacy and security research. A systematic literature review provides a succinct summary of all the research work conducted on a particular topic [23]. Such review papers are beneficial to inform readers of all the researched and reviewed information available on the topic and guide future researchers to look into the research gaps. For example, the works of Stowell et al. and Noah & Das provide a detailed analysis of research in the mHealth interventions for vulnerable population [24] and about online education through augmented and virtual reality installations, [25] respectively. In a similar vein from a methodological perspective, this paper attempts to provide a complete view of all the work conducted to understand the Dark Net's security and privacy. Although we could not find any systematic literature reviews adhering to our research topic, we found some literature analysis focusing on Dark Net evolution. The majority of the literature reviews published in security and privacy in Dark Net focus on the specific Dark Net forums and Dark Net markets, providing information on different cyber threats and hacker activities [26][27][28].

Methods
In order to categorize and understand the existing research on the deep web and Dark Net privacy and security, we conducted a systematic literature review. We reviewed these articles intending to answer the following four research questions, each with a list of keywords to narrow down the search:

Database and Keyword-Based Search
We searched through six digital scholarly databases: Google Scholar, ACM Digital Library, ScienceDirect, SSRN, IEEE Xplore, and Sagepub. Our selection process was based on iterative evaluation. We started by defining appropriate keywords for our research. The search terms were identical throughout the six digital libraries and included the following terms: "Privacy"OR "Security"AND "Deep Web"OR "Dark Web"OR "Dark Net"OR "Deepweb"OR "Darkweb"OR "Darknet".

Inclusion and Exclusion Criteria
Our selection standards for the corpus required that all papers be: (1) research papers or articles published in peer-reviewed journals or conferences to best ensure academic integrity; (2) published in English-therefore, we did not use any translation software to convert the papers published into other languages; (3) made available by 31 August 2021. These selection criteria were chosen to ensure all papers were held to a high academic standing and could be accessed and analyzed by our research team. Moreover, papers were excluded if: (1) the full text was not available despite having privileged administrative access. For these papers that were not available for open access, we reached out to the authors via email to gain access to the full text; (2) they were presented as a work in progress, posters, extended abstracts, or any other form apart from a complete paper; (3) the content analysis showed that the research was not directly related to Dark Web or deep web privacy and security; (4) the collected articles were part of book chapters. At the end of this step, we had 1751 in papers. As we detail the data collection, screening, and paper analysis stage in the following subsections, we provide a snapshot of the steps in Figure 1.

Title and Abstract Screening
We conducted a manual title and abstract-based screening to remove any irrelevant papers. During this screening process, some papers were excluded. These were articles about privacy or security that were not directly related to the deep web or Dark Web and papers that examined the Dark Web but were irrelevant to privacy or security. After performing the steps mentioned above, a total of 275 articles remained for a detailed analysis. Additionally, the full-text analysis further reduced the literature count by 75, leaving us with a corpus of N = 200 papers.

Thematic Analysis
We conducted a detailed thematic analysis to synthesize the knowledge from prior literature. For this, we followed the qualitative analysis techniques as explained by McInnes et al. [29] and Moher et al. [30] in their papers. For this analysis, we looked into the abstract, methods, results, discussion, and conclusion of the N = 200 collected papers, obtained from the title, abstract, and full-text screening. The papers were then evaluated by first going through each one and generating the codebook. The codebook consisted of 107 open codes, which were themed into ten overarching themes, including frameworks and technological solutions proposed, network analysis, deanonymization, the attack landscape on the Dark Web, forensic studies, evaluation of illegal activities on the Dark Web, ethical and legal implications of research, author notes and overviews and evaluations of the Dark Web, studies on Dark Web illegal markets, forum, and social network studies, and finally, the user studies. The codebook details with the open codes and themes are provided in Table 1. Table 1. A snapshot of the correlated open codes and themes generated for thematic analysis of the analyzed 200 papers on dark net user privacy and data security. Table 2 in the results section shows the distribution of the papers as per the thematic analysis. Any paper which had any form of user study, even if that was not the primary theme of the paper, was marked in the user study category. This was mainly done given the focus of the research. The codes were not mutually exclusive, and the papers detailing any of the earlier themes were categorized accordingly. The first author of the paper performed the thematic analysis. If there was any confusion about the categorization, then the second and third authors of the paper helped in the thematic analysis of the work until all three authors agreed on a theme. All three authors reviewed the final thematic evaluation to check for discrepancies or disagreements. Table 2. Thematic overview of the papers collected and analyzed based on the codebook and themes generated. Note that the total of the percentages is over 100 since the categories are not mutually exclusive.

Category Articles
Frameworks

User Study Analysis
After the thematic analysis, we conducted a detailed user study analysis focused on the n = 9 user studies. We expected more papers on the user studies, but we could only find nine relevant papers in the data repository after careful evaluation. After that, we extracted the quantitative and qualitative findings to assess the user perspective on the security and privacy of the Dark Web and deep web research conducted by prior studies.

Results
For each of the 200 papers in our corpus, information was collected, classified, and analyzed separately by categorizing the corpus papers into ten themes, as shown in Table 2. This section outlines the results pertaining to this thematic analysis. First, we mainly looked into the methods, results, discussions, implications of the mentioned papers and the timeline of paper publications which can be seen in Table 3. We then performed a detailed analysis of the user studies, discussed in the later sections. Frameworks &  Technological Solutions  1  --1  -1  2  2  2  3  3  3  4  3  8  10  5 Network Analysis

Frameworks and Technological Solutions of Dark Net Privacy and Security
Over a quarter of the papers 54 (27%) aimed to design and introduce technologybased solution as well as frameworks to enhance the privacy and security of the Dark Net [31][32][33][34][35][36]. The research was based on several types of technological solutions proposed by the authors to enhance the privacy and security of the Dark Net, including artificial intelligence approaches, data mining, network-based solutions, encryption, as well as statistical approaches as shown in Figure 2. Many of the papers use these technical solutions, the most prominent of which is combining network-based solutions with artificial intelligence methods. One such study, "ToRank: Identifying the most influential suspicious domains in the Tor network", develops a new algorithm for classifying the onion domains into normal and suspicious activities, then ranking these domains and identifying the influential ones. Through their study, AL-Nabki et al. also extended the version of the "Dark Net Usage Text Addresses" dataset up to 10,367 manually labeled hidden services in the Tor network [58]. Fidalgo et al. attempt to classify images uploaded to the Tor network using artificial intelligence methods in a different approach. These methods include semantic attention key point filtering, which is a model introduced in this paper to eliminate non-significant features which do not belong to the main object of interest in the image at the pixel level [38]. Figure 3 shows a detailed timeline of publications of papers related to the theme of frameworks and technological solutions for Dark Net privacy and security. This timeline demonstrates the growing awareness and subsequent study of privacy and security in Dark Net research.

Network Analysis of the Dark Net
We classified papers as network analyses of the Dark Net if the methods adopted to investigate and analyze the Dark Net networks, such as traffic monitoring, traffic taxonomy, port scanning, network topology, and so on, as demonstrated in Figure 4. We found 49 (24.5%) papers in our corpus that fit into this category . These papers provide insight on the workings and structure of the Dark Web networks. In this regard, Platzer et al. use traffic analysis methods to deanonymize hidden services on the Tor network. By analyzing traffic on the introduction point circuit data channel, Platzer et al. provide three independent methods that allowed them to deanonymize any hidden service on Tor [123]. In a similar approach, Vichaidis et al. investigate the cause of instabilities in transmission control protocol traffic of the Dark Net at different timescales. Analyzing the traffic instabilities daily allowed them to detect the large-scale anomalous event, while analyzing the hourly traffic allowed them to detect the small-scale anomalous events [85]. On a different note, we notice that the publications for this theme peaked at ten papers in 2018, from where it went down to 7 papers in 2019 and 9 papers between the years 2020 and 2021; Figure 5 provides further details on this trend.

Attack Landscape
We classified papers discussing Dark Net privacy and security as attack landscape and scope of cybersecurity threats. We primarily focused our evaluation on seeing if the authors analyzed attack surfaces on the Deep Net or if they identified vulnerabilities or threats using Dark Net data or technology used to access Dark Net. In our analysis, we found 25 (12.5%) out of 200 such papers in our corpus [63,75,76,113,121,[125][126][127][128][129][130][131][132][133][134][135][136][137][138][139][140][141][142][143][144]. These papers particularly describe the methods used to detect, prevent, mitigate, or predict cyber attacks. One such paper introduces a monitoring system used to detect Distributed Denial of Service (DDoS) attacks by monitoring the packet traffic on the Dark Net [63]. Similarly, Almukaynizi et al. designed a system that leverages Dark Web and Deep web data to detect cyber threats targeting crypto-currency users and platforms [134]. The bar graph Figure 6 demonstrates different attack vectors discussed in the 25 papers and their distribution among these papers. On a different note, we notice that the publications for this theme started in 2008 with three papers that year, but there was only one paper published between 2008 and 2014; we were unable to find any papers published in 2021 relevant to this theme (Figure 7).
We also included papers in this category if they compiled and introduced various techniques and ways users can protect their privacy and be secure while using the Dark Web. Along these lines, Ranakoti et al. present a multitude of approaches and techniques to protect Dark Net users through anonymity [171]. In their paper, Hatta also examined anonymity in the Dark Net, as well as the different technologies used to access the Dark Web, but mainly focused on anonymization by Tor [173]. Further, the first publication for this theme we were able to find was in 2009, when the publication was moderately sparse over the years, until 2017 when the number of publications would rise and maintain a steady pace until 2021 ( Figure 10).

Evaluation of Illegal Activities over Dark Net
Papers were classified as an evaluation of illegal activities over the Dark Net when they reviewed the presence as well as impacts of illegal activities on the Dark Web in general and its illegal markets in particular on the users [9,10,64,139,152,155,160,[183][184][185][186][187][188][189][190][191][192][193]. Of the 200 papers in our corpus, 18 (9%) papers explored the illegal aspect of Dark Net activities. In that regard, in their paper, Witting discusses the ethics behind allowing the police to distribute illegal child sexual abuse materials in order to be able to infiltrate similar circles on the Dark Net and weighs the pros and cons of establishing the legality of such practices, especially on actual victims and future probable victims [187]. On the other hand, He et al. propose machine learning classifiers to categorize illegal activities on the Dark Net. This is achieved by selecting laws and regulations pertinent to diverse types of illegal activities to train their classifiers [183]. Moreover, the majority of the papers (75%) within this theme were published between 2018 and 2020. Unfortunately, we could find only one paper published in 2021 before our data collection ended. Figure 11 shows more details of the publication timeline of this theme. 2013 [160] 2014 [193] 2016 [184,189] 2018 [9,10,185,187,190] 2019 [155,183,186] 2020 [64,139,152,188,191] 2021 [192]

Forum and Social Network Studies Evaluating Dark Net Data
The papers that focused on the analysis of content shared by users in the Dark Net across forums and social network platforms make up 8.5% (17 papers) of the papers used in this review [9,16,70,71,184,[194][195][196][197][198][199][200][201][202][203][204][205]. These papers employ techniques to classify and analyze the messages shared by the users to gauge the mental model of the user, as well as to predict any cyber threats. For example, Almukaynizi et al. describe a social network analysis that can identify malicious activities and help predict potential cyber threats by scanning the content shared across Dark Net forums [199]. Similarly, Park et al. use data collected from the Dark Net forums to conduct a sentiment analysis that shows the correlation between negative sentiments of users and real-world terrorist events [200]. We also note that the publication for this theme started in 2010 with two different papers, but there were only two papers published between the years 2011 and 2015. We were unable to find any new papers pertaining to this theme published in 2021 ( Figure 12).

Deanonymization of Dark Net Users
Thirteen (6.5%) papers out of two hundred focus on the promise of anonymity provided by the Dark Net [7,69,[122][123][124]162,168,[206][207][208][209][210][211]. Mainly, the Dark Net attracts users who want to be able to share their information in privacy while remaining anonymous and untraceable. However, anonymity is not a given on the Dark Net. Arabnezhad et al. introduce a tool that links Dark Net aliases with aliases used in the standard web, which in turn allows for identity detection of Dark Net users who create posts on both Dark Net and surface net forums [7]. Some papers study the intentional trade of Personally Identifiable Information (PII) within the Dark Net forums. Lin et al. provide a framework in their paper that can help identify partial PII shared by users in the Dark Net forums, thus helping authorities protect these PII for at-risk population [208]. Additionally, the publication of papers within this theme started in 2016, with publications in 2020 alone accounting for half of the papers analyzed in this study ( Figure 13). 2016 [206] 2018 [122,124,211] 2019 [162,209] 2020 [7,69,207,208,210] 2021 [123]

Ethical and Legal Implications of Dark Net Transactions
Only 7 (3.5%) papers studied in this review discussed the ethical and legal implications of Dark Net transactions [4,10,72,187,[212][213][214]. As a result of the anonymous and untraceable nature of the Dark Net, it attracts threat-actors that can conduct activities of an illicit nature without the fear of impunity from the authorities. The Dark Net websites and forums create a dilemma for the authorities to uphold legal and ethical standards in the Dark Net discourse. Mihelic et al. discuss the limitations of legal enforcement when policing illegal activities such as the distribution of child pornography, illegal trafficking of arms, drugs, illegal items, or personal information. Although the paper focuses solely on the measures used by Slovenian Police authorities, which involves using malware to trace the threat actors, the theme of ethical implication applies to all policing bodies across other nations as well [212]. The current legal systems are not prepared to police the activities on Dark Net and thus often have to resort to means that might otherwise be considered unethical. On the other hand, Jardine argues through his paper that the current image of the Dark Net might lead to an eventual shutdown of the current form Dark Net thus leading to a more restricted and emboldened version of it that might be even more difficult to manage [10]. We notice that starting in 2015; there was an average of one paper published within this theme per year, except for 2018 where two papers about ethical and legal implications were published ( Figure 14). 2015 [4] 2016 [214] 2017 [212] 2018 [10,187] 2019 [213] 2020 [72]

Analysis of User Studies
In addition to our thematic analysis, we performed a detailed analysis of our corpus's user studies (n = 9). Our goal was to understand and assess the studies that evaluated user perceptions of privacy and security on the Dark Net. Therefore, we performed a thorough analysis of the n = 9 user studies. In addition, we analyzed some of the study aspects, such as the type of study conducted, study populations, and context of the study. Specifically, we wanted to analyze the themes studied via user studies in these papers. Although, as we have pointed out previously, users play a significant role in the Dark Net study, through these papers, we wanted to understand the current trend in the focus of such user studies in this research landscape.

Study Method
Of the n = 9 user studies in our corpus, 5 (55.56%) were qualitative studies [6,9,184,193,205] with open-ended questions, three of these papers consolidated their user studies with forum studies. Of other studies, 3 were mixed method including some qualitative aspects as well as some quantitative analysis [215][216][217] and only one was exclusively qualitative [10] using respondent level data from the CIGI/Ipsos 2016 survey.

Study Population
Most of the user studies in our corpus had an insignificant number of participants, with Bancroft and Reid only able to recruit 5 participants from the Dark Web users [184]. The most participants any study had was 78 participants [217], except for Jardine, who used data from respondents of the CIGI/Ipsos 2016 survey [10] which gave them access to a survey of 17,121 participants, Table 4 presents this in more details.
It is important to note that only one paper [6] did not provide any demographic information on its participants in order to respect the culture of the Dark Net and guarantee total anonymity.

Recruitment Methods
Except for [10], the authors of the other papers recruited participants and collected their data. These papers used different types of recruitment methods. Some papers used more than one method to obtain the most recruits possible. The method used the most was via forum publication, as in [6,193,215], where only [6] specified the forums they used to publish their invitations. Authors also made use of social media [9,215], where they requested participation in their research. In the case, of [9] one participant approached an author via Twitter. A method equally used was word of mouth [9,184].
Additionally, the author made use of TOR-specific mailing lists in [215,216]. In one case, the message board recruitment of 'Silk Road' site members was used to recruit participants [205], and finally recruited students and their parents from a university in the province of Gauteng, South Africa. However, the authors of this last paper did not aim to recruit specifically users of the Dark Net since the purpose of the study was to analyze their participants' perceptions of the dark Net.

Study Categories
The user studies had a broad spectrum concerning the subject of each research. Two of these papers adopted a holistic aspect and sought to understand the perspective of different users of the Dark Net. As such, in their paper "The not so dark side of the Dark Net: a qualitative study" Mirea et al. tried to understand the mindset of established Dark Net users and surveying by posting a questionnaire link embedded in an invitation letter in four Dark Net hosted forums and ended up with 17 completed responses. The survey investigated how the participants found out about the Dark Net, why they used it, and the exciting features participants found appealing about it. Mirea et al. also asked their survey participants about their opinion on Silk Road and whether they think the Dark Net promotes crime [6]. On a similar note, Odendaal et al. examine the current levels of South African students' awareness, understanding, and utilization of the Dark Net and contrasts it to that of older generations, in this case, the students' parents [217]. The survey in both studies was similar in many aspects. However, the population was divergent as most of the participants in the second study were not regular users of the Dark Net.
Another exciting category of these user studies was illegal drugs on the Dark Net; 4 papers examined this subject from different lenses. Two of these papers only marginally addressed the security and privacy aspect of the Dark Net and its users and focused more on the drug element. One of these papers primarily focused on the illegal drug quality as perceived by Dark Net market users and how they compare drug quality [184]. Similarly, in their study, Masson and Bancroft only touched on privacy and anonymity marginally, as their main subject of interest was to conduct an ethnographic study on Dark Net drug centered markets; as such, no questions about privacy or security concerns were asked in this study, and privacy was only mentioned once by a participant as a non-concern [9]. The remaining papers chose the silk-road market as their primary object of study, with two different populations. While Van Hout and Bingham [193] targeted vendors exclusively in their study "Responsible vendors, intelligent consumers: Silk Road, the online revolution in drug trading" , their previous paper "'Surfing the Silk Road': A study of users' experiences" addressed silk road buyers [205]. Both papers had a similar outline, with some questions being exclusive to the different populations of the studies.
In their paper, Huang and Bashir [216] scrutinize the motivations behind Tor network users volunteering their resources to sustain Tor services despite the risks, and they also examine the users' perception of the attitudes that the current social and legal system has toward the Tor network and the challenges they face. This paper shows that the predominant motive of these volunteers is to advocate and provide privacy for online users. On the other hand, Ref. [215] explored the reasons behind the differences in self-reported usage of anonymous networks to help them understand if users would be willing to change the way they use anonymous networks because of a new technical scheme.

Discussion and Implications
We conducted a detailed systematic review of 200 papers focused on the privacy and security of the Dark Net with an emphasis on the user side. We recognize and acknowledge the importance of the valuable research contributions towards improving the security and privacy of the Dark Web network; however, it is crucial to note that there are some identified research gaps through this literature review that can be further expanded to enrich this field. Thus, we need more studies to thoroughly comprehend the security and privacy challenges faced by the average Dark Net user. This section presents our recommendations for future directions in this research area based on our analysis of the papers.

Focus on Technical Aspects
Previous research on the Dark Net security and privacy tends to be primarily technical. Researchers focused on technical skills such as network analysis, web crawling, and artificial intelligence (AI) to preserve the privacy of users and safeguard their data on the Dark Net [31][32][33]. Some of these studies also discuss the use of automation in the detection of anomalies [31][32][33]. Another aspect of this research that we have noted is the feasibility of these technical solutions. Often these solutions include the use of AI or Machine Learning techniques which use datasets with bias issues that AI/ML algorithm creators seldom address in the implementation. As an extension of this research, we plan to obtain a representative sample that is understandably challenging to obtain given the nature of Dark Net data. We can discuss obtaining more representative samples to provide technical solutions as a research community.
Furthermore, the current research focuses on the network topology of the Dark Net, which, although highly critical, does not give much insight into the use of these networks. For example, there is little to no usage monitoring on the Dark Net [218], given the nature of access. However, due to the feasibility of access points such as Tor, more younger adults are moving to the platform, which can be concerning; thus, usage moderation from the access point perspective will be beneficial, such as that of Tor. Though it is essential to observe the Dark Net patterns and study the attack vectors, one of the vital components we often seem to ignore is the user side. The users of the Dark Web have been traditionally more technically sound [219]; however, with increasing access to tools like Tor, more technically diverse users are joining the Dark Net networks. Thus, it is imperative to understand the users we have mentioned in the following subsection.

Future Direction towards User Studies
In the previous subsections, we note the possible harmful effect on the users due to the Dark Net; hence, our primary focus in this study is to emphasize the user component of Dark Net research. However, from our analysis, we discover a significantly smaller number of user studies yielding only n = 9 papers on the given topic of research [6,9,10,184,193,205,[215][216][217]. This clearly shows a research gap where the perceptions and experience of users' interactions within the Dark Net are concerned. This is even more concerning as prior studies have shown that several non-experts in technology use Dark Net for various interactions.
Additionally, policing agencies from different countries also monitor the interactions and transactions on the Dark Net. In such a scenario, users with little technical expertise and little or no data protection surfing the Dark Net websites present a troubling picture. Therefore, user studies provide a unique perspective on a situation that can provide valuable insight into users' experience navigating these networks. In the case of the Dark Net, user perception and experience play an even vital role because the Dark Net is built by the volunteer users base that facilitates the entire Dark Net network architecture and runs relays that ensure the anonymization of these users. Dark Net is used for multiple purposes, from whistleblowing [6] to sharing information to conducting illegal transactions and discussing real-world terrorist attack [220,221]. In this way, Dark Net provides a landscape that can be very useful and detrimental to modern democracy [222].
User experience and user-focus studies can help researchers evaluate emerging trends, technology evolution, and real-world impacts. It can also inform legal authorities to create legal reforms and policing measures and track criminal activities. However, even for the nine studies that conducted any user-focused experiments, two of them were generic. For example, instead of focusing on the Dark Net, they focus primarily on Tor, through which users access Dark Net. In addition, three of the user studies that managed to do an interview and participants' observations had less than 20 participants, as explained earlier. Moreover, the studied participants were primarily non-experts; thus, all the technical solutions the researchers are working on might not work for them unless user input is considered. As we see from prior studies in different domains, usability [223][224][225] and accessibility [226,227] play a vital role when it comes to the adoption of technologies. Especially for Dark Net, research by Morch et al. has shown fatal consequences of not looking into the user side [201].
We understand that participant recruitment can be a significant challenge for userfocused experiments, especially when it comes to sensitive technologies such as Dark Net. However, none of the papers discuss this constraint or emphasize how to address this issue. With over two million active users of the Dark Net and the sheer scale of illegal activities that can benefit from the under-laying network, it is essential to address this. Moreover, in lieu of illegal activities, it is also imperative to protect those whose usage is dependent on the anonymity of the network and help protect their identity.

Attack Surfaces
Another critical aspect of the Dark Net research is that despite the technological focus on the Dark Net, there are several attack vectors explored by the attacks. A simple example will be if a user uses identifiable information while using Tor or any such Dark Net access tools. However, research by Gallagher et al. showed how users often ignore these aspects and rely on the "black box" mechanism of tools such as Tor [228]. This is even more concerning as it creates a false sense of security [229,230]. Thus, in addition to the risk perception and evaluation of users [231], user education is critical as well [232]. We can adapt to Dark Net's previously studied and proven research techniques for this particular research area.

More Emphasis on Dark Net and Legal Implications
We noted that though our research and focus was on the Dark Net, most of the papers (98) focus on Tor or other gateway browsers or software, despite our best efforts. This is, of course, critical for this research. However, no paper focuses on the content of the Dark Net, Usage Statistics, or the type of user interactions. Thus, the emphasis on the Dark Net is essential, which is either left unexplored or little is known in the field. We acknowledge that given the type of data transactions, it is difficult to conduct the research; however, it is critical to understand the transactions done before protecting the user data. The more we know about it, the better it will be for the researchers to provide tools that protect users' privacy through anonymization and prevent data leaks when any interaction occurs through Dark Net.
Another benefit of focusing our research on the Dark Net will be to investigate the legal perspective. Much past research focuses on methods to track and gather evidence regarding specific criminal activities such as illegal trading of drugs and goods, illicit use of cryptocurrency, and other illegal activities [213,233]. However, there is little to no knowledge of the legal implications of regular Dark Net usage and interaction. This is especially concerning because of the heavy government surveillance and monitoring of these sites and that users are unaware of who they might be interacting with while on this sites [234]. In their paper, Rafiuddin et al. describe many precautions taken by the researchers before accessing the Tor websites to protect themselves from both law enforcement and the threat actors. This includes removing both microphone and webcam drivers from the machine, taping the webcam even after they have removed the drivers, using their VPN network, and completely removing all Personally Identifiable Information from the device [235]. However, an average internet user using the Dark Net to keep their activities private might not take these precautions and might get into trouble if they access fake sites created by law enforcement to trap criminals or fall prey to illegal trade chains. Thus, given this exciting take on the legal perspective, it is critical to explore this area to help the users prevent malicious interactions.
In summary, we propose that the larger research community explore more diverse avenues in the Dark Net research through this SOK. As pointed out above, we have highlighted four essential aspects of research that need to be studied in the future to gain a better understanding of Dark Net use. The benefits of outlining the research gaps are obvious; studying these less-explored topics will help the researchers and the overall user community understand the privacy and security risks of Dark Net use. Furthermore, this awareness will aid users from all walks to interact with this medium more carefully. The only drawback of studying these highlighted issues is that such studies might require more resources.

Limitations and Future Work
In this paper, we conducted a systematic analysis to evaluate the research articles and peer-reviewed papers published in the field of security and privacy of the Dark Net. We collected papers from six different digital repositories and limited our search to papers published in English. Therefore, we might have missed some papers outside of these digital libraries. However, our extensive literature review provides a detailed overview of the current research on Dark Net privacy and security, focusing on the user side. Additionally, the first author of the paper primarily performed the thematic evaluation. We addressed this by having all papers considered by the second and third authors in the last discussion. As for user studies, we only found 9 papers that included any user study analysis, despite our best efforts. We understand it is challenging to conduct user studies on such sensitive topics; however, even those papers are focused primarily on Tor than Dark Net.
This shows the research gap, and thus in the future extension of our work, we plan to conduct a literature review of user studies of privacy and security of the Dark Net using a specific keyword-based search. We also plan to contribute to the field by conducting user studies to evaluate the user perceptions and experiences of Dark Net usage while focusing primarily on a privacy and security perspective. In such a user study, we would like to compare the differences in perceptions and experiences of users based on their age group and technical abilities. This would also be an opportunity to review the privacy and security threats users face on the Dark Net and measure their awareness of these risks. The Dark Net's privacy and security risks are an apparent concern for the users, as shown through the different user study evaluations. As we acknowledge the difficulty in obtaining such user participation, we emphasize the criticality of understanding the perception of the Dark Net for any user, given the secretive yet vulnerable nature of the platform.

Conclusions
The Dark Net is an overlay network within the Internet that can only be accessed with specific software, configurations, or authorization through anonymization tools such as Tor, Freenet, or I2P. Although the Dark Net is often associated with illegal and criminal activities, it is an essential tool for many people looking for anonymity, such as journalists and politicians. Despite having the critical user component of the Dark Net, the user side of the Dark Net is severely understudied. To understand this further, we conducted a detailed systematic literature review after collecting 2693 papers from six different digital repositories, including ACM Digital Library, Google Scholar, SSRN, IEEE Xplore, and Sagepub. After that, we thematically analyzed N = 200 of the relevant papers on the topic. In these papers, we primarily examined the security and privacy of the Dark Net studied by prior literature. We found that current research focuses primarily on network analysis tools and methods for Dark Net security.
Additionally, papers discussing the technical aspects of the Dark Net privacy and security entirely focus on Tor. From the user side, it is also important to note that fewer than 5% of the papers in our corpus are user studies. Among those, two papers were broad-spectrum and only marginally touched on the security or privacy of the Dark Web. Thus, we see a need for more user studies and acknowledge the difficulty in obtaining the participant pool. Based on our analysis, we provide actionable recommendations based on the prior research, which paves the future direction of this research. This SoK on Dark Net privacy and security is critical to observing the research gap. This is one of the only papers to our knowledge that focuses on analyzing prior work on the user perspective of the Dark Net. This SoK also provides directions in the research area, which can be explored further to help protect the data of millions of Dark Net users.